Android SDK with Reverse Engineering

Technical Team Lead for the Android SDK Risk Team:

Leadership Skills:

• Experience leading and mentoring teams

• Defining technical direction, setting goals, and prioritizing tasks

• Ensuring quality service delivery

• Transforming client requirements into successful outcomes

• Providing thought-leadership and innovative solutions

Technical Skills:

• Programming: Java, Kotlin, JavaScript, Flutter, other mobile software languages

• Reverse Engineering: Static and dynamic analysis techniques, using tools such as Jadx, Ghidra, Frida, IDA Pro, Burp

• Analyzing, unpacking, and reverse engineering code of malicious applications or SDKs

• ELF (Native Binaries) reverse engineering

• Query languages: SQL

Understanding of:

• Android fundamentals: Activity lifecycles, common Android API usage, AOSP

• Techniques used by malicious software

• Mobile App store policies (Ads, PHAs, Developer)

• Reading, comprehending, and analyzing source code

• Security engineering and analysis: Network security, cryptography, authentication security, rooting, packing, network protocols, and interception

Additional Skills:

• Signature development (e.g., Yara)

• Threat research (APT using OSINT, Virus Total, ExploitDB, MITRE)

• Vulnerability analysis or security code review

• Android software development

• Google Ads or content moderation

• Capture the Flag (CTF) for mobile software

• Pen testing: Blue Team and Red Team experience

Skills Required

Technical Skills:

• Programming Languages: Strong proficiency in Java and Kotlin; experience with JavaScript, Flutter, and other mobile software languages.

• Reverse Engineering: Experience with analyzing, unpacking, and reverse engineering code of malicious applications or SDKs using tools like Jadx, Ghidra, Frida, IDA Pro, Burp.

• Static and Dynamic Analysis Techniques: Proficient in both static and dynamic analysis methods for identifying malware and other security threats.

• ELF (Native Binaries) Reverse Engineering: Experience with reverse engineering native binaries.

• SQL: Experience developing SQL code to query data and identify common issues in malware analysis.

• Android Fundamentals: Understanding Android activity lifecycles, common Android API usage, AOSP, and Android application development.

• Techniques Used by Malicious Software: Knowledge of various methods used by malware to harm user devices or data.

• Mobile App Store Policies: Familiarity with policies regarding ads, potentially harmful applications (PHAs), and developer guidelines.

• Source Code Analysis: Ability to read, comprehend, and analyze source code.

Additional Skills:

• Signature Development: Experience with developing signatures, such as Yara.

• Threat Research: Research on threats such as Advanced Persistent Threats (APT) using Open-Source Intelligence (Virus Total, Web, ExploitDB, MITRE, etc.).

• Security Engineering and Analysis: In-depth knowledge of security topics, including computer and network security, cryptography, authentication security, rooting, packing, and network protocols.

• Vulnerability Analysis or Security Code Review: Experience with these areas is beneficial.

• Android Software Development: Hands-on experience in Android software development.

• Google Ads or Content Moderation: Familiarity with these areas is a plus.

• Capture the Flag (CTF) Participation: Participation in CTF competitions for mobile software.

• Pen Testing: Experience in pen-testing, with knowledge of Blue Team and/or Red Team methodologies.

Professional Experience and Education:

• Required:

o 3-5 years of hands-on experience with Android and reverse engineering.

• Preferred:

o Associate, Bachelor’s, or Master’s degree in Computer Science, Computer Engineering, Information Systems, or related discipline.

Reverse Engineering: Experience with analyzing, unpacking, and reverse engineering code of malicious applications or SDKs using tools like Jadx, Ghidra, Frida, IDA Pro, Burp.